JDK-8171319

keytool should print out warnings when reading or generating cert/cert req using weak algorithms

    Details

    • Subcomponent:
    • Resolved In Build:
      b160
    • Verification:
      Verified

        Description

        This applies to -gencert, -genkeypair, -certreq, -selfcert, -printcert, -printcrl, and -printcertreq. Also -exportcert and -importcert.

        Do we have a list of weak symmetric algorithms? We have -genseckey and -importpass

            Activity

            weijun Weijun Wang created issue -
            weijun Weijun Wang made changes -
            Field Original Value New Value
            Component/s security-libs [ 10306 ]
            Component/s client-libs [ 10307 ]
            Priority P4 [ 4 ] P3 [ 3 ]
            Subcomponent java.security [ 195 ]
            weijun Weijun Wang made changes -
            Issue Type Bug [ 1 ] Enhancement [ 7 ]
            mullan Sean Mullan made changes -
            Status New [ 10000 ] Open [ 1 ]
            mullan Sean Mullan made changes -
            Labels security-disabled-algs-rfe
            weijun Weijun Wang made changes -
            Issue Type Enhancement [ 7 ] Bug [ 1 ]
            weijun Weijun Wang made changes -
            Description This applies to -gencert, -genkeypair, -certreq, -selfcert, -printcert, -printcrl, and -printcertreq. Maybe -exportcert and -importcert.

            Do we have a list of weak symmetric algorithms? We have -genseckey and -importpass
            This applies to -gencert, -genkeypair, -certreq, -selfcert, -printcert, -printcrl, and -printcertreq. Also -exportcert and -importcert. Especially, -importcert needs a prompt.

            Do we have a list of weak symmetric algorithms? We have -genseckey and -importpass
            coffeys Sean Coffey made changes -
            Labels security-disabled-algs-rfe security-disabled-algs-rfe supportability:data
            mullan Sean Mullan made changes -
            Security Confidential [ 10000 ]
            weijun Weijun Wang made changes -
            Priority P3 [ 3 ] P2 [ 2 ]
            weijun Weijun Wang made changes -
            Labels security-disabled-algs-rfe supportability:data 9-critical-watch security-disabled-algs-rfe supportability:data
            jehung Jeannette Hung made changes -
            Affects Version/s 8 [ 11815 ]
            Affects Version/s 7 [ 11810 ]
            Affects Version/s 6 [ 11814 ]
            Affects Version/s 9 [ 14949 ]
            weijun Weijun Wang made changes -
            Labels 9-critical-watch security-disabled-algs-rfe supportability:data 9-critical-watch release-note=yes security-disabled-algs-rfe supportability:data
            weijun Weijun Wang made changes -
            Description This applies to -gencert, -genkeypair, -certreq, -selfcert, -printcert, -printcrl, and -printcertreq. Also -exportcert and -importcert. Especially, -importcert needs a prompt.

            Do we have a list of weak symmetric algorithms? We have -genseckey and -importpass
            This applies to -gencert, -genkeypair, -certreq, -selfcert, -printcert, -printcrl, and -printcertreq. Also -exportcert and -importcert.

            Do we have a list of weak symmetric algorithms? We have -genseckey and -importpass
            weijun Weijun Wang made changes -
            Comment [ Critical Request Template

            - Justification: This is a part of weak algorithm detection and avoidance work across all versions. The change has already been done for jarsigner (JDK-8163304) and the work on keytool is not finished due to keytool having many more functions than jarsigner.

            - Risk Analysis: Low. In most cases only warnings are printed. The only behavior change is for importing a certificate reply. If the reply uses weak algorithm(s), an extra prompt will be shown.

            - Webrev: http://cr.openjdk.java.net/~weijun/8171319/webrev.01/

            - Testing (done/to-be-done): Existing jdk_security3 tests and new test in webrev.

            - Back ports (done/to-be-done): JDK 6u, 7u, 8u.

            - FX Impact: None

            - Fix For Release: JDK 6u, 7u, 8u, 9 ]
            weijun Weijun Wang made changes -
            Labels 9-critical-watch release-note=yes security-disabled-algs-rfe supportability:data release-note=yes security-disabled-algs-rfe supportability:data
            hgupdate HG Updates made changes -
            Status Open [ 1 ] Resolved [ 5 ]
            Resolved In Build team [ 17324 ]
            Fix Version/s 9 [ 14949 ]
            Resolution Fixed [ 1 ]
            darcy Joe Darcy made changes -
            Link This issue relates to JDK-8176321 [ JDK-8176321 ]
            rhalade Rajan Halade made changes -
            Link This issue relates to JDK-8176320 [ JDK-8176320 ]
            weijun Weijun Wang made changes -
            Link This issue relates to JDK-8176320 [ JDK-8176320 ]
            weijun Weijun Wang made changes -
            Link This issue relates to JDK-8176321 [ JDK-8176321 ]
            iris Iris Clark made changes -
            Labels release-note=yes security-disabled-algs-rfe supportability:data jsr379-annex1-na release-note=yes security-disabled-algs-rfe supportability:data
            hgupdate HG Updates made changes -
            Resolved In Build team [ 17324 ] master [ 18256 ]
            weijun Weijun Wang made changes -
            Link This issue duplicates JDK-8176320 [ JDK-8176320 ]
            hgupdate HG Updates made changes -
            Resolved In Build master [ 18256 ] b160 [ 18046 ]
            hgupdate HG Updates made changes -
            Link This issue backported by JDK-8176665 [ JDK-8176665 ]
            ascarpino Anthony Scarpino made changes -
            Link This issue relates to JDK-8177042 [ JDK-8177042 ]
            weijun Weijun Wang made changes -
            Link This issue relates to JDK-8177569 [ JDK-8177569 ]
            weijun Weijun Wang made changes -
            Link This issue relates to JDK-8163304 [ JDK-8163304 ]
            ggalimbe Gustavo Galimberti (Inactive) made changes -
            Labels jsr379-annex1-na release-note=yes security-disabled-algs-rfe supportability:data jsr379-annex1-na release-note=yes security-disabled-algs-rfe supportability:data vrf-jj
            jjiang John Jiang made changes -
            Status Resolved [ 5 ] Closed [ 6 ]
            Verification Verified [ 17000 ]
            darcy Joe Darcy made changes -
            Link This issue csr of CCC-8171319 [ CCC-8171319 ]
            coffeys Sean Coffey made changes -
            Link This issue backported by JDK-8185331 [ JDK-8185331 ]
            coffeys Sean Coffey made changes -
            Labels jsr379-annex1-na release-note=yes security-disabled-algs-rfe supportability:data vrf-jj CPU17_04-critical-watch jsr379-annex1-na release-note=yes security-disabled-algs-rfe supportability:data vrf-jj
            coffeys Sean Coffey made changes -
            Link This issue relates to JDK-8182879 [ JDK-8182879 ]
            hgupdate HG Updates made changes -
            Link This issue backported by JDK-8185663 [ JDK-8185663 ]
            coffeys Sean Coffey made changes -
            Labels CPU17_04-critical-watch jsr379-annex1-na release-note=yes security-disabled-algs-rfe supportability:data vrf-jj CPU17_04-critical-request jsr379-annex1-na release-note=yes security-disabled-algs-rfe supportability:data vrf-jj
            rhalade Rajan Halade made changes -
            Labels CPU17_04-critical-request jsr379-annex1-na release-note=yes security-disabled-algs-rfe supportability:data vrf-jj CPU17_04-critical-SQE-OK CPU17_04-critical-request jsr379-annex1-na release-note=yes security-disabled-algs-rfe supportability:data vrf-jj
            ydagra Yashi Dagra made changes -
            Labels CPU17_04-critical-SQE-OK CPU17_04-critical-request jsr379-annex1-na release-note=yes security-disabled-algs-rfe supportability:data vrf-jj CPU17_04-critical-SQE-OK CPU17_04-critical-approved jsr379-annex1-na release-note=yes security-disabled-algs-rfe supportability:data vrf-jj
            hgupdate HG Updates made changes -
            Link This issue backported by JDK-8185972 [ JDK-8185972 ]
            hgupdate HG Updates made changes -
            Link This issue backported by JDK-8186373 [ JDK-8186373 ]
            mullan Sean Mullan made changes -
            Labels CPU17_04-critical-SQE-OK CPU17_04-critical-approved jsr379-annex1-na release-note=yes security-disabled-algs-rfe supportability:data vrf-jj CPU17_04-critical-SQE-OK CPU17_04-critical-approved CPU17_04-crypto-roadmap-related jsr379-annex1-na release-note=yes security-disabled-algs-rfe supportability:data vrf-jj
            hgupdate HG Updates made changes -
            Link This issue backported by JDK-8188698 [ JDK-8188698 ]
            igerasim Ivan Gerasimov made changes -
            Link This issue relates to JDK-8181737 [ JDK-8181737 ]
            rpallath Rajendrakumar Pallath made changes -
            Labels CPU17_04-critical-SQE-OK CPU17_04-critical-approved CPU17_04-crypto-roadmap-related jsr379-annex1-na release-note=yes security-disabled-algs-rfe supportability:data vrf-jj CPU17_04-critical-SQE-OK CPU17_04-critical-approved CPU17_04-crypto-roadmap-related CPU18_01-crypto-roadmap-related jsr379-annex1-na release-note=yes security-disabled-algs-rfe supportability:data vrf-jj
            igerasim Ivan Gerasimov made changes -
            Link This issue backported by JDK-8189394 [ JDK-8189394 ]
            hgupdate HG Updates made changes -
            Link This issue backported by JDK-8189507 [ JDK-8189507 ]
            hgupdate HG Updates made changes -
            Link This issue backported by JDK-8189566 [ JDK-8189566 ]
            hgupdate HG Updates made changes -
            Link This issue backported by JDK-8190560 [ JDK-8190560 ]
            rpallath Rajendrakumar Pallath made changes -
            Labels CPU17_04-critical-SQE-OK CPU17_04-critical-approved CPU17_04-crypto-roadmap-related CPU18_01-crypto-roadmap-related jsr379-annex1-na release-note=yes security-disabled-algs-rfe supportability:data vrf-jj CPU17_04-critical-SQE-OK CPU17_04-critical-approved CPU17_04-crypto-roadmap-related CPU18_01-critical-request CPU18_01-crypto-roadmap-related jsr379-annex1-na release-note=yes security-disabled-algs-rfe supportability:data vrf-jj
            rhalade Rajan Halade made changes -
            Labels CPU17_04-critical-SQE-OK CPU17_04-critical-approved CPU17_04-crypto-roadmap-related CPU18_01-critical-request CPU18_01-crypto-roadmap-related jsr379-annex1-na release-note=yes security-disabled-algs-rfe supportability:data vrf-jj CPU17_04-critical-SQE-OK CPU17_04-critical-approved CPU17_04-crypto-roadmap-related CPU18_01-critical-SQE-OK CPU18_01-critical-request CPU18_01-crypto-roadmap-related jsr379-annex1-na release-note=yes security-disabled-algs-rfe supportability:data vrf-jj
            sgehwolf Severin Gehwolf made changes -
            Link This issue relates to JDK-8191137 [ JDK-8191137 ]
            kkrishnamurt Kavita Krishnamurthy made changes -
            Labels CPU17_04-critical-SQE-OK CPU17_04-critical-approved CPU17_04-crypto-roadmap-related CPU18_01-critical-SQE-OK CPU18_01-critical-request CPU18_01-crypto-roadmap-related jsr379-annex1-na release-note=yes security-disabled-algs-rfe supportability:data vrf-jj CPU17_04-critical-SQE-OK CPU17_04-critical-approved CPU17_04-crypto-roadmap-related CPU18_01-critical-SQE-OK CPU18_01-critical-approved CPU18_01-crypto-roadmap-related jsr379-annex1-na release-note=yes security-disabled-algs-rfe supportability:data vrf-jj
            andrew Andrew Hughes made changes -
            Link This issue relates to JDK-8191840 [ JDK-8191840 ]
            andrew Andrew Hughes made changes -
            Link This issue relates to JDK-8191845 [ JDK-8191845 ]
            hgupdate HG Updates made changes -
            Link This issue backported by JDK-8192618 [ JDK-8192618 ]
            hgupdate HG Updates made changes -
            Link This issue backported by JDK-8193997 [ JDK-8193997 ]
            hgupdate HG Updates made changes -
            Link This issue backported by JDK-8197349 [ JDK-8197349 ]

              People

              • Assignee:
                weijun Weijun Wang
                Reporter:
                weijun Weijun Wang